
<!doctype html>
<html lang="en" class="no-js">
  <head>
    
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width,initial-scale=1">
      
      
      
      <link rel="icon" href="../../../static/images/favicon.png">
      <meta name="generator" content="mkdocs-1.3.0, mkdocs-material-8.2.8">
    
    
      
        <title>目录 - WL4G DOCS</title>
      
    
    
      <link rel="stylesheet" href="../../../assets/stylesheets/main.644de097.min.css">
      
        
        <link rel="stylesheet" href="../../../assets/stylesheets/palette.e6a45f82.min.css">
        
      
    
    
    
      
        
        
        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
        <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
        <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
      
    
    
      <link rel="stylesheet" href="../../../static/css/util.css">
    
    <script>__md_scope=new URL("../../..",location),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
    
      

    
    
  </head>
  
  
    
    
      
    
    
    
    
    <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="" data-md-color-accent="">
  
    
    
      <script>var palette=__md_get("__palette");if(palette&&"object"==typeof palette.color)for(var key of Object.keys(palette.color))document.body.setAttribute("data-md-color-"+key,palette.color[key])</script>
    
    <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
    <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
    <label class="md-overlay" for="__drawer"></label>
    <div data-md-component="skip">
      
        
        <a href="#_1" class="md-skip">
          Skip to content
        </a>
      
    </div>
    <div data-md-component="announce">
      
    </div>
    
      <div data-md-component="outdated" hidden>
        <aside class="md-banner md-banner--warning">
          
        </aside>
      </div>
    
    
      

    
    <div class="md-container" data-md-component="container">
      
      
        
          
            
          
        
      
      <main class="md-main" data-md-component="main">
        <div class="md-main__inner md-grid">
          
            
              
            
            
          
          <div class="md-content" data-md-component="content">
            <article class="md-content__inner md-typeset">
              
                


<h1 id="_1">目录<a class="headerlink" href="#_1" title="Permanent link">&para;</a></h1>
<h2 id="1">1. 架构基础<a class="headerlink" href="#1" title="Permanent link">&para;</a></h2>
<h3 id="11-master">1.1 Master 组件<a class="headerlink" href="#11-master" title="Permanent link">&para;</a></h3>
<h4 id="111-etcd">1.1.1 <a href="https://github.com/etcd-io/etcd">etcd</a><a class="headerlink" href="#111-etcd" title="Permanent link">&para;</a></h4>
<ul>
<li>为 kube-apiserver 提供数据存储、watch 服务。</li>
</ul>
<h4 id="112-kube-apiserver">1.1.2 <a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-apiserver/apiserver.go">kube-apiserver</a><a class="headerlink" href="#112-kube-apiserver" title="Permanent link">&para;</a></h4>
<ul>
<li>整个集群的唯一入口，并提供认证、授权、访问控制、API注册和发现等机制。</li>
</ul>
<h4 id="112-kube-controller-manager">1.1.2 <a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-controller-manager/controller-manager.go">kube-controller-manager</a><a class="headerlink" href="#112-kube-controller-manager" title="Permanent link">&para;</a></h4>
<ul>
<li>负责维护集群的状态，比如故障检测、自动扩展、滚动更新等。保证资源到达期望值。</li>
</ul>
<h4 id="113-kube-scheduler">1.1.3 <a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-scheduler/scheduler.go">kube-scheduler</a><a class="headerlink" href="#113-kube-scheduler" title="Permanent link">&para;</a></h4>
<ul>
<li>负责调度 POD 到合适的节点上面运行，分别有预选策略和优选策略。</li>
</ul>
<h3 id="12-node">1.2 Node 组件<a class="headerlink" href="#12-node" title="Permanent link">&para;</a></h3>
<h4 id="121-kubelet">1.2.1 <a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kubelet/kubelet.go">kubelet</a><a class="headerlink" href="#121-kubelet" title="Permanent link">&para;</a></h4>
<ul>
<li>在集群节点上运行的代理，kubelet 会通过各种机制来确保容器处于运行状态且健康。kubelet 不会管理不是由 kubernetes 创建的容器。kubelet 接收 POD 的期望状态（副本数、镜像、网络等）
，并调用容器运行环境来实现预期状态。kubelet 会定时汇报节点的状态给apiserver，作为 kube-scheduler 调度的基础。kubelet 会对镜像和容器进行清理，避免不必要的文件资源占用。</li>
</ul>
<h4 id="122-kube-proxy">1.2.2 <a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-proxy/proxy.go">kube-proxy</a><a class="headerlink" href="#122-kube-proxy" title="Permanent link">&para;</a></h4>
<ul>
<li>kube-proxy 是集群中节点上运行的网络代理，是实现 Service 资源功能组件之一。kube-proxy 建立了 POD 网络和集群网络之间的关系，不同 Node 上的 Service 流量转发规则会通过 kube-proxy 来调用 kube-apiserver 访问 etcd 进行规则更新。Service 流量调度方式有三种方式：userspace（废弃，性能很差）、iptables（性能差，复杂，即将废弃）、
ipvs（性能好，转发方式清晰）。</li>
</ul>
<h4 id="123-coredns">1.2.3 <a href="https://github.com/coredns/coredns">coredns</a> (推荐)<a class="headerlink" href="#123-coredns" title="Permanent link">&para;</a></h4>
<ul>
<li>负责集群 各 Service 的 Pod IP 地址的 DNS 解析。</li>
</ul>
<h4 id="124-flannel-cliumcalico">1.2.4 <a href="https://github.com/flannel-io/flannel">flannel</a>、 <a href="https://github.com/cilium/cilium">cilium</a>、<a href="https://github.com/projectcalico/calico">calico</a> (推荐, 成熟稳定)<a class="headerlink" href="#124-flannel-cliumcalico" title="Permanent link">&para;</a></h4>
<ul>
<li>实现 <a href="https://github.com/containernetworking/cni">cni</a>，为集群 Pod 提供网络资源。</li>
</ul>
<h3 id="13-istio">1.3 <a href="https://github.com/istio/istio">Istio</a> 组件<a class="headerlink" href="#13-istio" title="Permanent link">&para;</a></h3>
<h4 id="131-enovy">1.3.1 <a href="https://github.com/envoyproxy/envoy">envoy</a><a class="headerlink" href="#131-enovy" title="Permanent link">&para;</a></h4>
<ul>
<li>以 sidecar 形式为 Pod 提供流量输入输出。</li>
</ul>
<h4 id="132-bookinfo">1.3.2 部署 bookinfo 异构微服务<a class="headerlink" href="#132-bookinfo" title="Permanent link">&para;</a></h4>
<ul>
<li>TODO</li>
</ul>
<h2 id="2-kubernetes">2. Kubernetes 生产集群部署 (规范命名、路径等)<a class="headerlink" href="#2-kubernetes" title="Permanent link">&para;</a></h2>
<ul>
<li><a href="https://v1-21.docs.kubernetes.io/zh/docs/reference/command-line-tools-reference/kubelet/">参考 1: 官方文档 kubelet (v1.21)</a></li>
<li><a href="https://blogs.wl4gcs.com/archives/972">参考 2: 生产离线部署 etcd</a></li>
<li><a href="https://blogs.wl4gcs.com/archives/953">参考 3: 使用 cloudflare cfssl 手动签发证书</a></li>
<li><a href="http://dockone.io/article/4645">参考 4: kubeadm使用selfhosting模式部署及优缺点</a></li>
<li><a href="https://github1s.com/lework/kainstall/blob/HEAD/kainstall-centos.sh">参考 5: 感谢 https://lework.github.io</a></li>
<li><a href="https://my.oschina.net/u/4197945/blog/5265187">参考 6: istio 生产故障解决</a></li>
<li><a href="https://mirrors.edge.kernel.org/pub/linux/utils/kernel/ipvsadm/">参考 7: ipvsadm mirrors of kernel.org</a></li>
<li><a href="https://blog.csdn.net/qq_33589510/article/details/109205986">参考 8: Virtualbox 使用及添加 iso 系统镜像</a></li>
<li><a href="https://www.zhihu.com/question/33701295">参考 9: 虚拟机 VMware 和 VirtualBox 哪个更好用?</a></li>
<li><a href="https://www.cnblogs.com/kpwong/p/14349349.html">参考 10: 大神写的K8S 二进制安装笔记</a></li>
<li><a href="https://www.cnblogs.com/yanyanqaq/p/12607713.html">参考 11: 超详细 kubernetes 二进制部署</a></li>
</ul>
<h3 id="21">2.1 部署拓扑图<a class="headerlink" href="#21" title="Permanent link">&para;</a></h3>
<ul>
<li>Cluster Name: <code>cn-south1-k8s-t1</code>，(即 China South1 Kubernetes Test Cluster 1 的缩写)，遵循如 <a href="https://aws.com">Aws</a>、<a href="https://cloud.google.com">Gcs</a>、<a href="https://aliyun.com">Aliyun</a> 等云厂商多数据中心命名规范</li>
<li>Cluster Nodes Naming: &lt;ClusterName&gt;<b>.</b>&lt;NodeIP&gt;, for display <code>kubectl get nodes</code></li>
</ul>
<table>
<thead>
<tr>
<th>IP</th>
<th>Host</th>
<th><code>kubelet (--hostname-override)</code></th>
<th>Core Components</th>
</tr>
</thead>
<tbody>
<tr>
<td>10.0.0.121</td>
<td>k8s-master-1</td>
<td>cn-south1-k8s-t1.10.0.0.121</td>
<td><a href="https://github.com/etcd-io/etcd">etcd1</a> / <a href="https://github.com/coredns/coredns">coredns</a> / <a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-apiserver/apiserver.go">kube-apiserver</a> / <a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-controller-manager/controller-manager.go">kube-controller-manager</a> / <a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-scheduler/scheduler.go">kube-scheduler</a></td>
</tr>
<tr>
<td>10.0.0.122</td>
<td>k8s-master-2</td>
<td>cn-south1-k8s-t1.10.0.0.122</td>
<td><a href="https://github.com/etcd-io/etcd">etcd2</a> / <a href="https://github.com/coredns/coredns">coredns</a> / <a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-apiserver/apiserver.go">kube-apiserver</a> / <a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-controller-manager/controller-manager.go">kube-controller-manager</a> / <a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-scheduler/scheduler.go">kube-scheduler</a></td>
</tr>
<tr>
<td>10.0.0.123</td>
<td>k8s-master-3</td>
<td>cn-south1-k8s-t1.10.0.0.123</td>
<td><a href="https://github.com/etcd-io/etcd">etcd3</a> / <a href="https://github.com/coredns/coredns">coredns</a> / <a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-apiserver/apiserver.go">kube-apiserver</a> / <a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-controller-manager/controller-manager.go">kube-controller-manager</a> / <a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-scheduler/scheduler.go">kube-scheduler</a></td>
</tr>
<tr>
<td>10.0.0.124</td>
<td>k8s-worker-1</td>
<td>cn-south1-k8s-t1.10.0.0.124</td>
<td><a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kubelet/kubelet.go">kubelet</a> / <a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-proxy/proxy.go">kube-proxy</a> / <a href="https://github.com/projectcalico/calico">calico</a> or <a href="https://github.com/flannel-io/flannel">flannel</a> or <a href="https://github.com/cilium/cilium">cilium</a></td>
</tr>
<tr>
<td>10.0.0.125</td>
<td>k8s-worker-2</td>
<td>cn-south1-k8s-t1.10.0.0.125</td>
<td><a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kubelet/kubelet.go">kubelet</a> / <a href="https://github.com/kubernetes/kubernetes/blob/master/cmd/kube-proxy/proxy.go">kube-proxy</a> / <a href="https://github.com/projectcalico/calico">calico</a> or <a href="https://github.com/flannel-io/flannel">flannel</a> or <a href="https://github.com/cilium/cilium">cilium</a></td>
</tr>
</tbody>
</table>
<h3 id="22">2.2 系统配置<a class="headerlink" href="#22" title="Permanent link">&para;</a></h3>
<h4 id="221">2.2.1 系统要求<a class="headerlink" href="#221" title="Permanent link">&para;</a></h4>
<ul>
<li>必须 <a href="https://github.com/torvalds/linux">linux kernel</a> &gt; 3.10，推荐 5.4.0-88-generic + 如：<a href="http://isoredirect.centos.org/centos/7/isos/x86_64/">CentOS 7.9</a>、<a href="http://isoredirect.centos.org/centos/8-stream/isos/x86_64/">CentOS 8 Stream</a>、<a href="https://ubuntu.com/download/desktop/thank-you?version=20.04.3&amp;architecture=amd64">Ubuntu 20.04</a></li>
</ul>
<h4 id="222-ip">2.2.2 配置系统固定 IP (可选；虚拟机可能需要，物理机一般机房会安排好)<a class="headerlink" href="#222-ip" title="Permanent link">&para;</a></h4>
<ul>
<li>以 Ubuntu 20 为例，以下配置第一台的 IP，其他机器依次执行，具体请视实际情况而改。</li>
</ul>
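<div class="highlight"><pre><code># Back up the current netplan configuration so it can be restored.
sudo cp /etc/netplan/01-network-manager-all.yaml /etc/netplan/01-network-manager-all.yaml.bak

# Download the sample configuration.
# TLS certificate verification stays enabled (no -k): this file is written as root
# and decides the host's network settings, so it has to come from the real server.
# -f makes curl fail on an HTTP error instead of saving the error page as the config.
sudo curl -4fsSL -o /etc/netplan/01-network-manager-all.yaml https://gitee.com/wl4g/blogs/raw/master/docs/articles/kubernetes/kubernetes-offline-binary-production-deployment/resources/etc/netplan/01-network-manager-all.yaml

# Review the downloaded file and adjust the address for this host before applying it.
sudo cat /etc/netplan/01-network-manager-all.yaml

# Apply the configuration.
sudo netplan apply --debug
</code></pre></div>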
<ul>
<li>以 CentOS 7 为例，以下配置第一台的 IP，其他机器依次执行，具体请视实际情况而改。</li>
</ul>
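<div class="highlight"><pre><code># Back up the current interface configuration so it can be restored.
sudo cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.bak

# Download the sample configuration.
# TLS certificate verification stays enabled (no -k): this file is written as root
# and decides the host's network settings, so it has to come from the real server.
# -f makes curl fail on an HTTP error instead of saving the error page as the config.
sudo curl -4fsSL -o /etc/sysconfig/network-scripts/ifcfg-eth0 https://gitee.com/wl4g/blogs/raw/master/docs/articles/kubernetes/kubernetes-offline-binary-production-deployment/resources/etc/sysconfig/network-scripts/ifcfg-eth0

# Review the downloaded file and adjust the address for this host before restarting.
sudo cat /etc/sysconfig/network-scripts/ifcfg-eth0

# Apply the configuration.
sudo systemctl restart network
</code></pre></div>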
<h4 id="223-ssh">2.2.3 SSH 免密 (仅为部署方便)<a class="headerlink" href="#223-ssh" title="Permanent link">&para;</a></h4>
<ul>
<li>
<p>所有 Master 之间、所有 Master 到所有 Nodes 免密即可</p>
</li>
<li>
<p>TODO</p>
</li>
</ul>
<h4 id="224-chrony">2.2.4 所有节点安装 chrony 并配置时钟同步<a class="headerlink" href="#224-chrony" title="Permanent link">&para;</a></h4>
<ul>
<li><a href="https://blogs.wl4gcs.com/archives/1267">生产环境使用 chrony 时钟同步</a></li>
</ul>
<h4 id="225-kernel">2.2.5 kernel 调优<a class="headerlink" href="#225-kernel" title="Permanent link">&para;</a></h4>
<ul>
<li><a href="https://github.com/lework/kainstall/blob/v1.4.5/kainstall-ubuntu.sh#L385">Thanks refer of: kainstall-ubuntu.sh#L385</a></li>
</ul>
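<div class="highlight"><pre><code># Download the kernel parameters for the cluster nodes.
# TLS certificate verification stays enabled (no -k): the file is installed as root
# and changes kernel settings, so it has to come from the real server.
# -f makes curl fail on an HTTP error instead of saving the error page.
sudo curl -4fsSL -o /etc/sysctl.d/99-kube.conf https://gitee.com/wl4g/blogs/raw/master/docs/articles/kubernetes/kubernetes-offline-binary-production-deployment/resources/etc/sysctl.d/99-kube.conf

# Load the new settings. `sysctl -p` without a file argument reads only
# /etc/sysctl.conf, so the downloaded file is named explicitly.
sudo sysctl -p /etc/sysctl.d/99-kube.conf

# Turn swap off for the running system.
sudo swapoff -a

# Keep swap off after a reboot. Back up fstab first, then delete only the
# uncommented entries that have "swap" as a whitespace-separated field, so a line
# that merely contains the text "swap" (for example in a path) is left alone.
sudo cp /etc/fstab /etc/fstab.bak
sudo sed -i -E '/^[^#]*[[:space:]]swap[[:space:]]/d' /etc/fstab
</code></pre></div>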
<h3 id="23-docker">2.3 各节点部署 <code>docker</code><a class="headerlink" href="#23-docker" title="Permanent link">&para;</a></h3>
<ul>
<li><a href="https://blogs.wl4gcs.com/archives/416">Docker static binary install</a></li>
</ul>
<h3 id="24-etcd">2.4 各节点部署 <code>etcd</code><a class="headerlink" href="#24-etcd" title="Permanent link">&para;</a></h3>
<ul>
<li><a href="https://blogs.wl4gcs.com/archives/972">Etcd deploy</a></li>
</ul>
<h3 id="25-kubernetes">2.5 下载 kubernetes 二进制包并安装<a class="headerlink" href="#25-kubernetes" title="Permanent link">&para;</a></h3>
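<div class="highlight"><pre><code># Create the install directory.
sudo mkdir -p /usr/lib/kubernetes-current

# Environment setup.
# The file is written through `sudo tee`: with `sudo cat ... &gt;file` the redirection
# is performed by the calling shell, which is not root.
# PATH must not end in ":" - an empty PATH entry means the current directory, so every
# login shell (root included) would run binaries from whatever directory it is in.
sudo tee /etc/profile.d/profile-kubernetes.sh &gt;/dev/null &lt;&lt;-'EOF'
#!/bin/bash
# Copyright (c) 2017 ~ 2025, the original author wangl.sir individual Inc,
# All rights reserved. Contact us &lt;wanglsir@gmail.com, 983708408@qq.com&gt;
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
export KUBERNETES_HOME=/usr/lib/kubernetes-current
export PATH=$PATH:$KUBERNETES_HOME
EOF

# Load the new environment into the current shell.
. /etc/profile

# Download, verify and unpack the release tarballs
# (https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.22.md#downloads-for-v1222).
# Everything runs in a subshell with `set -e`, so a failed step stops the rest
# (in particular the mv and rm -rf) without closing the interactive shell.
(
  set -e

  # `cd` is a shell builtin, so it is not run through sudo. The :? guard aborts
  # if KUBERNETES_HOME is unset instead of continuing in the current directory.
  cd "${KUBERNETES_HOME:?KUBERNETES_HOME is not set}"

  K8S_VERSION=v1.22.2
  # This page fetches the arm64 build. The OS images listed in section 2.2.1 are
  # x86_64/amd64; set K8S_ARCH=amd64 on such hosts.
  K8S_ARCH=arm64

  # -f makes curl fail on an HTTP error instead of saving the error page as a tarball.
  for part in client server node; do
    sudo curl -fL -o "kubernetes-${part}-linux-${K8S_ARCH}.tar.gz" "https://dl.k8s.io/${K8S_VERSION}/kubernetes-${part}-linux-${K8S_ARCH}.tar.gz"
  done

  # Verify the downloads before unpacking. Replace each placeholder with the sha512
  # published for that file in the CHANGELOG linked above; until real values are
  # filled in the check fails and nothing is installed.
  echo "REPLACE_WITH_PUBLISHED_SHA512  kubernetes-client-linux-${K8S_ARCH}.tar.gz" | sha512sum -c -
  echo "REPLACE_WITH_PUBLISHED_SHA512  kubernetes-server-linux-${K8S_ARCH}.tar.gz" | sha512sum -c -
  echo "REPLACE_WITH_PUBLISHED_SHA512  kubernetes-node-linux-${K8S_ARCH}.tar.gz" | sha512sum -c -

  for part in client server node; do
    sudo tar -xf "kubernetes-${part}-linux-${K8S_ARCH}.tar.gz"
  done
  sudo mv kubernetes/client/bin/* .
  sudo mv kubernetes/server/bin/* .
  sudo mv kubernetes/node/bin/* .

  # Tidy up: image archives go to ./images, the unpacked tree is removed.
  sudo mkdir -p images
  sudo mv *.tar *.docker_tag images
  sudo rm -rf kubernetes

  # Link the binaries into /usr/bin. Only regular, executable files are linked,
  # so the downloaded tarballs and the images directory are skipped.
  for f in "$KUBERNETES_HOME"/*; do
    if [ -f "$f" ] &amp;&amp; [ -x "$f" ]; then
      sudo ln -snf "$f" "/usr/bin/$(basename "$f")"
    fi
  done
)
</code></pre></div>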
<h3 id="26-kubadm">2.6 各节点部署 <code>kubeadm</code><a class="headerlink" href="#26-kubadm" title="Permanent link">&para;</a></h3>
<ul>
<li>TODO</li>
</ul>
<h3 id="27-kube-apiserver">2.7 主节点部署 <code>kube-apiserver</code><a class="headerlink" href="#27-kube-apiserver" title="Permanent link">&para;</a></h3>
<h4 id="271-kube-apiserver">2.7.1 签发 <code>kube-apiserver</code> 双向证书<a class="headerlink" href="#271-kube-apiserver" title="Permanent link">&para;</a></h4>
<ul>
<li>/etc/kubernetes/ssl</li>
</ul>
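<div class="highlight"><pre><span></span><code># Fetch cfssl/cfssljson into a scratch directory, verify them, then install.
# -f makes curl fail on an HTTP error instead of saving the error page as the binary.
# NOTE(review): these are linux_amd64 builds, while the Kubernetes archives downloaded
# earlier on this page are linux-arm64; confirm the architecture of the signing host.
tmp=$(mktemp -d)
curl -fL -o "$tmp/cfssl" https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64
curl -fL -o "$tmp/cfssljson" https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64

# Placeholders: copy the SHA-256 values from the checksums published with the v1.6.1 release.
# Nothing is installed unless both files match.
CFSSL_SHA256=REPLACE_WITH_PUBLISHED_SHA256
CFSSLJSON_SHA256=REPLACE_WITH_PUBLISHED_SHA256
echo "$CFSSL_SHA256  $tmp/cfssl" | sha256sum -c - &amp;&amp;
  echo "$CFSSLJSON_SHA256  $tmp/cfssljson" | sha256sum -c - &amp;&amp;
  sudo install -m 0755 "$tmp/cfssl" "$tmp/cfssljson" /bin/
rm -rf "$tmp"
# sudo apt install golang-cfssl

sudo mkdir -p /etc/kubernetes/ssl
# cd is a shell builtin, so "sudo cd" cannot change this shell's directory; use plain cd.
cd /etc/kubernetes/ssl

# The directory is root-owned, so files are written through "sudo tee": with
# "sudo cat" plus a redirect, the redirect is performed by the unprivileged shell.

# Generating config.
# NOTE(review): the single profile grants both "server auth" and "client auth" for
# 87600h (10 years); separate server/client profiles and a shorter expiry would
# narrow what a leaked key can be used for.
sudo tee config.json &gt;/dev/null &lt;&lt;-'EOF'
{"signing":{"default":{"expiry":"87600h"},"profiles":{"cn-south1-k8s-t1":{"usages":["signing","key encipherment","server auth","client auth"],"expiry":"87600h"}}}}
EOF

# Generating CA certificate signing request config.
sudo tee ca-csr.json &gt;/dev/null &lt;&lt;-'EOF'
{"CN":"WL4G Root CA cert issuer","CA":{"expiry":"87600h","pathlen":0},"key":{"algo":"rsa","size":2048},"names":[{"C":"US","L":"San Francisco 12th street","O":"WL4G company, Inc.","OU":"www dept","ST":"California"}]}
EOF

# Generating apiserver certificate signing request config.
# "hosts" entries become subject alternative names and must be bare IPs or DNS names:
# an entry carrying an "https://" scheme does not yield a DNS name that matches
# during hostname verification, so the scheme is dropped here.
sudo tee apiserver-csr.json &gt;/dev/null &lt;&lt;-'EOF'
{"hosts":["127.0.0.1","192.168.0.1","10.0.0.121","10.0.0.122","10.0.0.123","kubernetes.default","kubernetes.default.svc","kubernetes.default.svc.cluster","kubernetes.default.svc.cluster.local","k8s.wl4gcs.com","n1.k8s.wl4gcs.com","n2.k8s.wl4gcs.com","n3.k8s.wl4gcs.com"],"CN":"wl4g.com","key":{"algo":"rsa","size":2048},"names":[{"C":"CN","L":"GuangZhou 6th street","O":"SM, Inc.","OU":"WWW dept","ST":"GuangDong"}]}
EOF

# Generating apiserver client certificate signing request config.
# NOTE(review): Kubernetes takes the user name from a client certificate's CN and the
# groups from O, so this certificate authenticates as user "wl4g.com" (the same CN as
# the server certificate); pick a CN/O that matches the identity RBAC should see.
sudo tee apiserver-client-csr.json &gt;/dev/null &lt;&lt;-'EOF'
{"hosts":[],"CN":"wl4g.com","key":{"algo":"rsa","size":2048},"names":[{"C":"CN","L":"GuangZhou 6th street","O":"SM, Inc.","OU":"WWW dept","ST":"GuangDong"}]}
EOF

# Generating CA certificate.
# cfssljson writes the output files, so it is the command that needs root here.
sudo cfssl genkey -initca ca-csr.json | sudo cfssljson -bare ca

# Generating apiserver certificate.
sudo cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json -profile=cn-south1-k8s-t1 apiserver-csr.json | sudo cfssljson -bare apiserver

# Generating apiserver client certificate.
sudo cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json -profile=cn-south1-k8s-t1 apiserver-client-csr.json | sudo cfssljson -bare apiserver-client

# Private keys are readable by root only.
sudo chmod 600 ca-key.pem apiserver-key.pem apiserver-client-key.pem

# Print CA and apiserver and client certificate.
sudo openssl x509 -in ca.pem -noout -text
sudo openssl x509 -in apiserver.pem -noout -text
sudo openssl x509 -in apiserver-client.pem -noout -text

# Copy to other nodes directory.
# NOTE(review): *.pem includes ca-key.pem, the CA private key. Section 2.8.1 points
# kube-controller-manager at it on the masters; any host holding it can issue
# certificates the whole cluster trusts, so it is never copied to workers.
sudo ssh k8s@k8s-master-2 "sudo mkdir -p /etc/kubernetes/ssl"
sudo ssh k8s@k8s-master-3 "sudo mkdir -p /etc/kubernetes/ssl"
sudo ssh k8s@k8s-worker-1 "sudo mkdir -p /etc/kubernetes/ssl"
sudo ssh k8s@k8s-worker-2 "sudo mkdir -p /etc/kubernetes/ssl"
sudo scp -r *.pem k8s@k8s-master-2:/etc/kubernetes/ssl
sudo scp -r *.pem k8s@k8s-master-3:/etc/kubernetes/ssl
# Workers get the CA certificate and the client key pair, named explicitly: the
# pattern *-client-*.pem matches apiserver-client-key.pem but not apiserver-client.pem.
# NOTE(review): both workers receive the same client key, so one compromised worker
# exposes the identity of the other; per-node client certificates avoid that.
sudo scp -r apiserver-client.pem apiserver-client-key.pem ca.pem k8s@k8s-worker-1:/etc/kubernetes/ssl
sudo scp -r apiserver-client.pem apiserver-client-key.pem ca.pem k8s@k8s-worker-2:/etc/kubernetes/ssl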
</code></pre></div>
<h4 id="272-kube-apiserver-systemd">2.7.2 配置 <code>kube-apiserver</code> systemd<a class="headerlink" href="#272-kube-apiserver-systemd" title="Permanent link">&para;</a></h4>
<ul>
<li>/etc/systemd/system/kube-apiserver.service</li>
</ul>
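<div class="highlight"><pre><span></span><code># Writes the kube-apiserver systemd unit, then enables and (re)starts the service.
# The unit is written through "sudo tee": with "sudo cat" plus a redirect, the
# redirect is performed by the unprivileged shell and cannot create the file.
#
# Review notes on the flags below:
# - --authorization-mode was given twice (Node,RBAC, then AlwaysAllow). The later
#   value wins, which would authorize every request; only Node,RBAC is kept.
# - k8s.pem / k8s-key.pem are not produced by section 2.7.1 (it creates ca*.pem and
#   apiserver*.pem); confirm where they come from. --requestheader-client-ca-file
#   expects a CA bundle, and the service-account flags are better served by a
#   dedicated key pair than by the TLS serving key.
# - --requestheader-allowed-names=sunwuu.com has to match the CN of the front-proxy
#   client certificate; the certificates in 2.7.1 use CN wl4g.com.
# - --token-auth-file holds static bearer tokens in clear text that stay valid until
#   the file is changed and the apiserver restarted; keep it root-only (chmod 600).
# - PodSecurityPolicy admission is enabled: until a policy exists and is authorized
#   through RBAC, pod creation is rejected.
# - --allow-privileged=true lets privileged containers through the apiserver, so the
#   admission policy is the only control left on them.
# - --service-cluster-ip-range here (192.168.0.0/16) differs from the value given to
#   kube-controller-manager in 2.8.1 (10.254.0.0/16), and --insecure-port=0 disables
#   the port 8080 that 2.8.1 reaches with --master=http://10.0.0.121:8080.
sudo tee /etc/systemd/system/kube-apiserver.service &gt;/dev/null &lt;&lt;-'EOF'
[Unit]
Description=kubernetes API Server
Documentation=https://v1-21.docs.kubernetes.io/zh/docs/reference/command-line-tools-reference/kube-apiserver/
After=network.target

[Service]
ExecStart=/usr/bin/kube-apiserver \
  --audit-log-maxbackup=10 \
  --audit-log-maxsize=100 \
  --audit-log-path=/var/log/kubernetes/kubernetes.audit \
  --audit-log-maxage=30 \
  --audit-policy-file=/etc/kubernetes/audit-policy.yaml \
  --apiserver-count=3 \
  --endpoint-reconciler-type=lease \
  --enable-aggregator-routing=true \
  --runtime-config=admissionregistration.k8s.io/v1 \
  --advertise-address=10.0.0.121 \
  --allow-privileged=true \
  --authorization-mode=Node,RBAC \
  --client-ca-file=/etc/kubernetes/ssl/ca.pem \
  --enable-admission-plugins=NodeRestriction,PodSecurityPolicy,NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,NamespaceExists,MutatingAdmissionWebhook,ValidatingAdmissionWebhook \
  --enable-bootstrap-token-auth=true \
  --token-auth-file=/etc/kubernetes/token.csv \
  --etcd-cafile=/etc/etcd/ssl/ca.pem \
  --etcd-certfile=/etc/etcd/ssl/etcd.pem \
  --etcd-keyfile=/etc/etcd/ssl/etcd-key.pem \
  --etcd-prefix=cn-south1-k8s-t1 \
  --etcd-servers=https://10.0.0.121:2379,https://10.0.0.122:2379,https://10.0.0.123:2379 \
  --insecure-port=0 \
  --kubelet-client-certificate=/etc/kubernetes/ssl/k8s.pem \
  --kubelet-client-key=/etc/kubernetes/ssl/k8s-key.pem \
  --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname \
  --profiling=false \
  --proxy-client-cert-file=/etc/kubernetes/ssl/k8s.pem \
  --proxy-client-key-file=/etc/kubernetes/ssl/k8s-key.pem \
  --requestheader-allowed-names=sunwuu.com \
  --requestheader-client-ca-file=/etc/kubernetes/ssl/k8s.pem \
  --requestheader-extra-headers-prefix=X-Remote-Extra- \
  --requestheader-group-headers=X-Remote-Group \
  --requestheader-username-headers=X-Remote-User \
  --secure-port=6443 \
  --service-account-issuer=kubernetes.default.svc \
  --service-account-key-file=/etc/kubernetes/ssl/k8s.pem \
  --service-account-signing-key-file=/etc/kubernetes/ssl/k8s-key.pem \
  --service-cluster-ip-range=192.168.0.0/16 \
  --service-node-port-range=30000-32767 \
  --tls-cert-file=/etc/kubernetes/ssl/k8s.pem \
  --tls-private-key-file=/etc/kubernetes/ssl/k8s-key.pem \
  --v=3

User=root
Group=root
Restart=always
RestartSec=5
Type=notify
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

# Pick up the new unit, start it at boot, (re)start it now and show its state.
sudo systemctl daemon-reload
sudo systemctl enable kube-apiserver
sudo systemctl restart kube-apiserver
sudo systemctl status kube-apiserver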
</code></pre></div>
<h3 id="28-kube-controller-manager">2.8 主节点部署 <code>kube-controller-manager</code><a class="headerlink" href="#28-kube-controller-manager" title="Permanent link">&para;</a></h3>
<h4 id="281-kube-controller-manager-systemd">2.8.1 配置 <code>kube-controller-manager</code> systemd<a class="headerlink" href="#281-kube-controller-manager-systemd" title="Permanent link">&para;</a></h4>
<ul>
<li>/etc/systemd/system/kube-controller-manager.service</li>
</ul>
<div class="highlight"><pre><span></span><code><a id="__codelineno-6-1" name="__codelineno-6-1"></a><a href="#__codelineno-6-1"><span class="linenos" data-linenos=" 1 "></span></a>sudo cat <span class="s">&lt;&lt;-&#39;EOF&#39; &gt; /etc/systemd/system/kube-controller-manager.service</span>
<a id="__codelineno-6-2" name="__codelineno-6-2"></a><a href="#__codelineno-6-2"><span class="linenos" data-linenos=" 2 "></span></a><span class="s">[Unit]</span>
<a id="__codelineno-6-3" name="__codelineno-6-3"></a><a href="#__codelineno-6-3"><span class="linenos" data-linenos=" 3 "></span></a><span class="s">Description=kubernetes API Server</span>
<a id="__codelineno-6-4" name="__codelineno-6-4"></a><a href="#__codelineno-6-4"><span class="linenos" data-linenos=" 4 "></span></a><span class="s">Documentation=https://v1-21.docs.kubernetes.io/zh/docs/reference/command-line-tools-reference/kube-controller-manager/</span>
<a id="__codelineno-6-5" name="__codelineno-6-5"></a><a href="#__codelineno-6-5"><span class="linenos" data-linenos=" 5 "></span></a><span class="s">After=network.target</span>
<a id="__codelineno-6-6" name="__codelineno-6-6"></a><a href="#__codelineno-6-6"><span class="linenos" data-linenos=" 6 "></span></a>
<a id="__codelineno-6-7" name="__codelineno-6-7"></a><a href="#__codelineno-6-7"><span class="linenos" data-linenos=" 7 "></span></a><span class="s">[Service]</span>
<a id="__codelineno-6-8" name="__codelineno-6-8"></a><a href="#__codelineno-6-8"><span class="linenos" data-linenos=" 8 "></span></a><span class="s">ExecStart=/usr/bin/kube-controller-manager \</span>
<a id="__codelineno-6-9" name="__codelineno-6-9"></a><a href="#__codelineno-6-9"><span class="linenos" data-linenos=" 9 "></span></a><span class="s">  --address=127.0.0.1 \</span>
<a id="__codelineno-6-10" name="__codelineno-6-10"></a><a href="#__codelineno-6-10"><span class="linenos" data-linenos="10 "></span></a><span class="s">  --master=http://10.0.0.121:8080 \</span>
<a id="__codelineno-6-11" name="__codelineno-6-11"></a><a href="#__codelineno-6-11"><span class="linenos" data-linenos="11 "></span></a><span class="s">  --allocate-node-cidrs=true \</span>
<a id="__codelineno-6-12" name="__codelineno-6-12"></a><a href="#__codelineno-6-12"><span class="linenos" data-linenos="12 "></span></a><span class="s">  --service-cluster-ip-range=10.254.0.0/16 \</span>
<a id="__codelineno-6-13" name="__codelineno-6-13"></a><a href="#__codelineno-6-13"><span class="linenos" data-linenos="13 "></span></a><span class="s">  --cluster-cidr=10.233.0.0/16 \</span>
<a id="__codelineno-6-14" name="__codelineno-6-14"></a><a href="#__codelineno-6-14"><span class="linenos" data-linenos="14 "></span></a><span class="s">  --cluster-name=cn-south1-k8s-t1 \</span>
<a id="__codelineno-6-15" name="__codelineno-6-15"></a><a href="#__codelineno-6-15"><span class="linenos" data-linenos="15 "></span></a><span class="s">  --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem \</span>
<a id="__codelineno-6-16" name="__codelineno-6-16"></a><a href="#__codelineno-6-16"><span class="linenos" data-linenos="16 "></span></a><span class="s">  --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem \</span>
<a id="__codelineno-6-17" name="__codelineno-6-17"></a><a href="#__codelineno-6-17"><span class="linenos" data-linenos="17 "></span></a><span class="s">  --service-account-private-key-file=/etc/kubernetes/ssl/k8s-key.pem \</span>
<a id="__codelineno-6-18" name="__codelineno-6-18"></a><a href="#__codelineno-6-18"><span class="linenos" data-linenos="18 "></span></a><span class="s">  --root-ca-file=/etc/kubernetes/ssl/k8s.pem \</span>
<a id="__codelineno-6-19" name="__codelineno-6-19"></a><a href="#__codelineno-6-19"><span class="linenos" data-linenos="19 "></span></a><span class="s">  --leader-elect=true \</span>
<a id="__codelineno-6-20" name="__codelineno-6-20"></a><a href="#__codelineno-6-20"><span class="linenos" data-linenos="20 "></span></a><span class="s">  --v=3</span>
<a id="__codelineno-6-21" name="__codelineno-6-21"></a><a href="#__codelineno-6-21"><span class="linenos" data-linenos="21 "></span></a>
<a id="__codelineno-6-22" name="__codelineno-6-22"></a><a href="#__codelineno-6-22"><span class="linenos" data-linenos="22 "></span></a><span class="s">User=root</span>
<a id="__codelineno-6-23" name="__codelineno-6-23"></a><a href="#__codelineno-6-23"><span class="linenos" data-linenos="23 "></span></a><span class="s">Group=root</span>
<a id="__codelineno-6-24" name="__codelineno-6-24"></a><a href="#__codelineno-6-24"><span class="linenos" data-linenos="24 "></span></a><span class="s">Restart=always</span>
<a id="__codelineno-6-25" name="__codelineno-6-25"></a><a href="#__codelineno-6-25"><span class="linenos" data-linenos="25 "></span></a><span class="s">RestartSec=5</span>
<a id="__codelineno-6-26" name="__codelineno-6-26"></a><a href="#__codelineno-6-26"><span class="linenos" data-linenos="26 "></span></a><span class="s">Type=notify</span>
<a id="__codelineno-6-27" name="__codelineno-6-27"></a><a href="#__codelineno-6-27"><span class="linenos" data-linenos="27 "></span></a><span class="s">LimitNOFILE=65536</span>
<a id="__codelineno-6-28" name="__codelineno-6-28"></a><a href="#__codelineno-6-28"><span class="linenos" data-linenos="28 "></span></a>
<a id="__codelineno-6-29" name="__codelineno-6-29"></a><a href="#__codelineno-6-29"><span class="linenos" data-linenos="29 "></span></a><span class="s">[Install]</span>
<a id="__codelineno-6-30" name="__codelineno-6-30"></a><a href="#__codelineno-6-30"><span class="linenos" data-linenos="30 "></span></a><span class="s">WantedBy=multi-user.target</span>
<a id="__codelineno-6-31" name="__codelineno-6-31"></a><a href="#__codelineno-6-31"><span class="linenos" data-linenos="31 "></span></a><span class="s">EOF</span>
<a id="__codelineno-6-32" name="__codelineno-6-32"></a><a href="#__codelineno-6-32"><span class="linenos" data-linenos="32 "></span></a>
<a id="__codelineno-6-33" name="__codelineno-6-33"></a><a href="#__codelineno-6-33"><span class="linenos" data-linenos="33 "></span></a>sudo systemctl daemon-reload
<a id="__codelineno-6-34" name="__codelineno-6-34"></a><a href="#__codelineno-6-34"><span class="linenos" data-linenos="34 "></span></a>sudo systemctl <span class="nb">enable</span> kube-controller-manager
<a id="__codelineno-6-35" name="__codelineno-6-35"></a><a href="#__codelineno-6-35"><span class="linenos" data-linenos="35 "></span></a>sudo systemctl restart kube-controller-manager
<a id="__codelineno-6-36" name="__codelineno-6-36"></a><a href="#__codelineno-6-36"><span class="linenos" data-linenos="36 "></span></a>sudo systemctl status kube-controller-manager
</code></pre></div>
<h3 id="29-kube-scheduler">2.9 主节点部署 <code>kube-scheduler</code><a class="headerlink" href="#29-kube-scheduler" title="Permanent link">&para;</a></h3>
<h4 id="291-kube-scheduler-systemd">2.9.1 配置  <code>kube-scheduler</code> systemd<a class="headerlink" href="#291-kube-scheduler-systemd" title="Permanent link">&para;</a></h4>
<ul>
<li>/etc/systemd/system/kube-scheduler.service</li>
</ul>
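<div class="highlight"><pre><span></span><code><a id="__codelineno-7-1" name="__codelineno-7-1"></a><a href="#__codelineno-7-1"><span class="linenos" data-linenos=" 1 "></span></a><span class="c1"># Write the kube-scheduler systemd unit, then enable and start the service.</span>
<a id="__codelineno-7-2" name="__codelineno-7-2"></a><a href="#__codelineno-7-2"><span class="linenos" data-linenos=" 2 "></span></a><span class="c1"># The unit is written with sudo tee: in `sudo cat ... &gt; file` the redirection is performed by the calling shell, not by sudo.</span>
<a id="__codelineno-7-3" name="__codelineno-7-3"></a><a href="#__codelineno-7-3"><span class="linenos" data-linenos=" 3 "></span></a><span class="c1"># NOTE(review): --master=http://10.0.0.121:8080 reaches the API server over plain HTTP, without TLS or client authentication.</span>
<a id="__codelineno-7-4" name="__codelineno-7-4"></a><a href="#__codelineno-7-4"><span class="linenos" data-linenos=" 4 "></span></a><span class="c1"># Prefer --kubeconfig=/path/to/scheduler.kubeconfig (placeholder) that points at the https:// endpoint and carries a client certificate.</span>
<a id="__codelineno-7-5" name="__codelineno-7-5"></a><a href="#__codelineno-7-5"><span class="linenos" data-linenos=" 5 "></span></a><span class="c1"># NOTE(review): Type=notify makes systemd wait for an sd_notify readiness message; confirm this binary sends one, otherwise use Type=simple.</span>
<a id="__codelineno-7-6" name="__codelineno-7-6"></a><a href="#__codelineno-7-6"><span class="linenos" data-linenos=" 6 "></span></a>sudo tee /etc/systemd/system/kube-scheduler.service &gt;/dev/null <span class="s">&lt;&lt;-&#39;EOF&#39;</span>
<a id="__codelineno-7-7" name="__codelineno-7-7"></a><a href="#__codelineno-7-7"><span class="linenos" data-linenos=" 7 "></span></a><span class="s">[Unit]</span>
<a id="__codelineno-7-8" name="__codelineno-7-8"></a><a href="#__codelineno-7-8"><span class="linenos" data-linenos=" 8 "></span></a><span class="s">Description=Kubernetes Scheduler</span>
<a id="__codelineno-7-9" name="__codelineno-7-9"></a><a href="#__codelineno-7-9"><span class="linenos" data-linenos=" 9 "></span></a><span class="s">Documentation=https://v1-21.docs.kubernetes.io/zh/docs/reference/command-line-tools-reference/kube-scheduler/</span>
<a id="__codelineno-7-10" name="__codelineno-7-10"></a><a href="#__codelineno-7-10"><span class="linenos" data-linenos="10 "></span></a><span class="s">After=network.target</span>
<a id="__codelineno-7-11" name="__codelineno-7-11"></a><a href="#__codelineno-7-11"><span class="linenos" data-linenos="11 "></span></a>
<a id="__codelineno-7-12" name="__codelineno-7-12"></a><a href="#__codelineno-7-12"><span class="linenos" data-linenos="12 "></span></a><span class="s">[Service]</span>
<a id="__codelineno-7-13" name="__codelineno-7-13"></a><a href="#__codelineno-7-13"><span class="linenos" data-linenos="13 "></span></a><span class="s">ExecStart=/usr/bin/kube-scheduler \</span>
<a id="__codelineno-7-14" name="__codelineno-7-14"></a><a href="#__codelineno-7-14"><span class="linenos" data-linenos="14 "></span></a><span class="s">  --address=127.0.0.1 \</span>
<a id="__codelineno-7-15" name="__codelineno-7-15"></a><a href="#__codelineno-7-15"><span class="linenos" data-linenos="15 "></span></a><span class="s">  --master=http://10.0.0.121:8080 \</span>
<a id="__codelineno-7-16" name="__codelineno-7-16"></a><a href="#__codelineno-7-16"><span class="linenos" data-linenos="16 "></span></a><span class="s">  --leader-elect=true \</span>
<a id="__codelineno-7-17" name="__codelineno-7-17"></a><a href="#__codelineno-7-17"><span class="linenos" data-linenos="17 "></span></a><span class="s">  --v=3</span>
<a id="__codelineno-7-18" name="__codelineno-7-18"></a><a href="#__codelineno-7-18"><span class="linenos" data-linenos="18 "></span></a>
<a id="__codelineno-7-19" name="__codelineno-7-19"></a><a href="#__codelineno-7-19"><span class="linenos" data-linenos="19 "></span></a><span class="s">User=root</span>
<a id="__codelineno-7-20" name="__codelineno-7-20"></a><a href="#__codelineno-7-20"><span class="linenos" data-linenos="20 "></span></a><span class="s">Group=root</span>
<a id="__codelineno-7-21" name="__codelineno-7-21"></a><a href="#__codelineno-7-21"><span class="linenos" data-linenos="21 "></span></a><span class="s">Restart=always</span>
<a id="__codelineno-7-22" name="__codelineno-7-22"></a><a href="#__codelineno-7-22"><span class="linenos" data-linenos="22 "></span></a><span class="s">RestartSec=5</span>
<a id="__codelineno-7-23" name="__codelineno-7-23"></a><a href="#__codelineno-7-23"><span class="linenos" data-linenos="23 "></span></a><span class="s">Type=notify</span>
<a id="__codelineno-7-24" name="__codelineno-7-24"></a><a href="#__codelineno-7-24"><span class="linenos" data-linenos="24 "></span></a><span class="s">LimitNOFILE=65536</span>
<a id="__codelineno-7-25" name="__codelineno-7-25"></a><a href="#__codelineno-7-25"><span class="linenos" data-linenos="25 "></span></a>
<a id="__codelineno-7-26" name="__codelineno-7-26"></a><a href="#__codelineno-7-26"><span class="linenos" data-linenos="26 "></span></a><span class="s">[Install]</span>
<a id="__codelineno-7-27" name="__codelineno-7-27"></a><a href="#__codelineno-7-27"><span class="linenos" data-linenos="27 "></span></a><span class="s">WantedBy=multi-user.target</span>
<a id="__codelineno-7-28" name="__codelineno-7-28"></a><a href="#__codelineno-7-28"><span class="linenos" data-linenos="28 "></span></a><span class="s">EOF</span>
<a id="__codelineno-7-29" name="__codelineno-7-29"></a><a href="#__codelineno-7-29"><span class="linenos" data-linenos="29 "></span></a>
<a id="__codelineno-7-30" name="__codelineno-7-30"></a><a href="#__codelineno-7-30"><span class="linenos" data-linenos="30 "></span></a>sudo systemctl daemon-reload
<a id="__codelineno-7-31" name="__codelineno-7-31"></a><a href="#__codelineno-7-31"><span class="linenos" data-linenos="31 "></span></a>sudo systemctl <span class="nb">enable</span> kube-scheduler
<a id="__codelineno-7-32" name="__codelineno-7-32"></a><a href="#__codelineno-7-32"><span class="linenos" data-linenos="32 "></span></a>sudo systemctl restart kube-scheduler
<a id="__codelineno-7-33" name="__codelineno-7-33"></a><a href="#__codelineno-7-33"><span class="linenos" data-linenos="33 "></span></a>sudo systemctl status kube-scheduler
</code></pre></div>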
<h3 id="210-coredns">2.10 主节点部署 <code>coredns</code><a class="headerlink" href="#210-coredns" title="Permanent link">&para;</a></h3>
<h4 id="2101-coredns-systemd">2.10.1 配置 <code>coredns</code> systemd<a class="headerlink" href="#2101-coredns-systemd" title="Permanent link">&para;</a></h4>
<ul>
<li>/etc/systemd/system/coredns.service</li>
</ul>
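<div class="highlight"><pre><span></span><code><a id="__codelineno-8-1" name="__codelineno-8-1"></a><a href="#__codelineno-8-1"><span class="linenos" data-linenos=" 1 "></span></a><span class="c1"># Write the CoreDNS systemd unit, then enable and start the service.</span>
<a id="__codelineno-8-2" name="__codelineno-8-2"></a><a href="#__codelineno-8-2"><span class="linenos" data-linenos=" 2 "></span></a><span class="c1"># The unit is written with sudo tee: in `sudo cat ... &gt; file` the redirection is performed by the calling shell, not by sudo.</span>
<a id="__codelineno-8-3" name="__codelineno-8-3"></a><a href="#__codelineno-8-3"><span class="linenos" data-linenos=" 3 "></span></a><span class="c1"># Type=fork is not a systemd service type; Type=simple with a direct ExecStart (no bash -c wrapper) keeps $MAINPID on coredns itself.</span>
<a id="__codelineno-8-4" name="__codelineno-8-4"></a><a href="#__codelineno-8-4"><span class="linenos" data-linenos=" 4 "></span></a><span class="c1"># StandardOutput needs the append: (or file:) prefix to name a file; append: needs systemd 240 or newer and an existing log directory.</span>
<a id="__codelineno-8-5" name="__codelineno-8-5"></a><a href="#__codelineno-8-5"><span class="linenos" data-linenos=" 5 "></span></a><span class="c1"># NOTE(review): CoreDNS only needs CAP_NET_BIND_SERVICE to bind port 53; consider a dedicated unprivileged user with AmbientCapabilities instead of root.</span>
<a id="__codelineno-8-6" name="__codelineno-8-6"></a><a href="#__codelineno-8-6"><span class="linenos" data-linenos=" 6 "></span></a><span class="c1"># NOTE(review): check which signal this CoreDNS build reloads on (SIGUSR1 is believed to be the reload signal); HUP may stop the process instead.</span>
<a id="__codelineno-8-7" name="__codelineno-8-7"></a><a href="#__codelineno-8-7"><span class="linenos" data-linenos=" 7 "></span></a>sudo tee /etc/systemd/system/coredns.service &gt;/dev/null <span class="s">&lt;&lt;-&#39;EOF&#39;</span>
<a id="__codelineno-8-8" name="__codelineno-8-8"></a><a href="#__codelineno-8-8"><span class="linenos" data-linenos=" 8 "></span></a><span class="s">[Unit]</span>
<a id="__codelineno-8-9" name="__codelineno-8-9"></a><a href="#__codelineno-8-9"><span class="linenos" data-linenos=" 9 "></span></a><span class="s">Description=CoreDNS Server Service</span>
<a id="__codelineno-8-10" name="__codelineno-8-10"></a><a href="#__codelineno-8-10"><span class="linenos" data-linenos="10 "></span></a><span class="s">After=network.target</span>
<a id="__codelineno-8-11" name="__codelineno-8-11"></a><a href="#__codelineno-8-11"><span class="linenos" data-linenos="11 "></span></a>
<a id="__codelineno-8-12" name="__codelineno-8-12"></a><a href="#__codelineno-8-12"><span class="linenos" data-linenos="12 "></span></a><span class="s">[Service]</span>
<a id="__codelineno-8-13" name="__codelineno-8-13"></a><a href="#__codelineno-8-13"><span class="linenos" data-linenos="13 "></span></a><span class="s">Type=simple</span>
<a id="__codelineno-8-14" name="__codelineno-8-14"></a><a href="#__codelineno-8-14"><span class="linenos" data-linenos="14 "></span></a><span class="s">User=root</span>
<a id="__codelineno-8-15" name="__codelineno-8-15"></a><a href="#__codelineno-8-15"><span class="linenos" data-linenos="15 "></span></a><span class="s">Group=root</span>
<a id="__codelineno-8-16" name="__codelineno-8-16"></a><a href="#__codelineno-8-16"><span class="linenos" data-linenos="16 "></span></a><span class="s">Restart=always</span>
<a id="__codelineno-8-17" name="__codelineno-8-17"></a><a href="#__codelineno-8-17"><span class="linenos" data-linenos="17 "></span></a><span class="s">RestartSec=5s</span>
<a id="__codelineno-8-18" name="__codelineno-8-18"></a><a href="#__codelineno-8-18"><span class="linenos" data-linenos="18 "></span></a><span class="s">ExecStart=/usr/bin/coredns -conf /etc/coredns/Corefile</span>
<a id="__codelineno-8-19" name="__codelineno-8-19"></a><a href="#__codelineno-8-19"><span class="linenos" data-linenos="19 "></span></a><span class="s">ExecReload=/bin/kill -s HUP $MAINPID</span>
<a id="__codelineno-8-20" name="__codelineno-8-20"></a><a href="#__codelineno-8-20"><span class="linenos" data-linenos="20 "></span></a><span class="s">StandardOutput=append:/mnt/disk1/log/coredns/coredns.out</span>
<a id="__codelineno-8-21" name="__codelineno-8-21"></a><a href="#__codelineno-8-21"><span class="linenos" data-linenos="21 "></span></a><span class="s">StandardError=journal</span>
<a id="__codelineno-8-22" name="__codelineno-8-22"></a><a href="#__codelineno-8-22"><span class="linenos" data-linenos="22 "></span></a>
<a id="__codelineno-8-23" name="__codelineno-8-23"></a><a href="#__codelineno-8-23"><span class="linenos" data-linenos="23 "></span></a><span class="s">[Install]</span>
<a id="__codelineno-8-24" name="__codelineno-8-24"></a><a href="#__codelineno-8-24"><span class="linenos" data-linenos="24 "></span></a><span class="s">WantedBy=multi-user.target</span>
<a id="__codelineno-8-25" name="__codelineno-8-25"></a><a href="#__codelineno-8-25"><span class="linenos" data-linenos="25 "></span></a><span class="s">EOF</span>
<a id="__codelineno-8-26" name="__codelineno-8-26"></a><a href="#__codelineno-8-26"><span class="linenos" data-linenos="26 "></span></a>
<a id="__codelineno-8-27" name="__codelineno-8-27"></a><a href="#__codelineno-8-27"><span class="linenos" data-linenos="27 "></span></a>sudo systemctl daemon-reload
<a id="__codelineno-8-28" name="__codelineno-8-28"></a><a href="#__codelineno-8-28"><span class="linenos" data-linenos="28 "></span></a>sudo systemctl <span class="nb">enable</span> coredns
<a id="__codelineno-8-29" name="__codelineno-8-29"></a><a href="#__codelineno-8-29"><span class="linenos" data-linenos="29 "></span></a>sudo systemctl restart coredns
<a id="__codelineno-8-30" name="__codelineno-8-30"></a><a href="#__codelineno-8-30"><span class="linenos" data-linenos="30 "></span></a>sudo systemctl status coredns
</code></pre></div>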
<h3 id="211-kubelet">2.11 各节点部署 <code>kubelet</code><a class="headerlink" href="#211-kubelet" title="Permanent link">&para;</a></h3>
<h4 id="2111-kubelet">2.11.1 自签发 <code>kubelet</code> 证书<a class="headerlink" href="#2111-kubelet" title="Permanent link">&para;</a></h4>
<ul>
<li>/etc/kubernetes/ssl</li>
</ul>
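<div class="highlight"><pre><span></span><code><a id="__codelineno-9-1" name="__codelineno-9-1"></a><a href="#__codelineno-9-1"><span class="linenos" data-linenos=" 1 "></span></a><span class="c1"># Install cfssl and cfssljson v1.6.1 (-f makes curl fail on an HTTP error instead of saving the error page as the binary).</span>
<a id="__codelineno-9-2" name="__codelineno-9-2"></a><a href="#__codelineno-9-2"><span class="linenos" data-linenos=" 2 "></span></a>sudo curl -fL -o /bin/cfssl https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssl_1.6.1_linux_amd64
<a id="__codelineno-9-3" name="__codelineno-9-3"></a><a href="#__codelineno-9-3"><span class="linenos" data-linenos=" 3 "></span></a>sudo curl -fL -o /bin/cfssljson https://github.com/cloudflare/cfssl/releases/download/v1.6.1/cfssljson_1.6.1_linux_amd64
<a id="__codelineno-9-4" name="__codelineno-9-4"></a><a href="#__codelineno-9-4"><span class="linenos" data-linenos=" 4 "></span></a><span class="c1"># Compare these digests with the checksums published for the release before making the binaries executable.</span>
<a id="__codelineno-9-5" name="__codelineno-9-5"></a><a href="#__codelineno-9-5"><span class="linenos" data-linenos=" 5 "></span></a>sha256sum /bin/cfssl /bin/cfssljson
<a id="__codelineno-9-6" name="__codelineno-9-6"></a><a href="#__codelineno-9-6"><span class="linenos" data-linenos=" 6 "></span></a>sudo chmod +x /bin/cfssl
<a id="__codelineno-9-7" name="__codelineno-9-7"></a><a href="#__codelineno-9-7"><span class="linenos" data-linenos=" 7 "></span></a>sudo chmod +x /bin/cfssljson
<a id="__codelineno-9-8" name="__codelineno-9-8"></a><a href="#__codelineno-9-8"><span class="linenos" data-linenos=" 8 "></span></a><span class="c1"># Or: sudo apt install golang-cfssl</span>
<a id="__codelineno-9-9" name="__codelineno-9-9"></a><a href="#__codelineno-9-9"><span class="linenos" data-linenos=" 9 "></span></a>
<a id="__codelineno-9-10" name="__codelineno-9-10"></a><a href="#__codelineno-9-10"><span class="linenos" data-linenos="10 "></span></a>sudo mkdir -p /etc/kubernetes/ssl<span class="p">;</span> <span class="nb">cd</span> /etc/kubernetes/ssl
<a id="__codelineno-9-11" name="__codelineno-9-11"></a><a href="#__codelineno-9-11"><span class="linenos" data-linenos="11 "></span></a>
<a id="__codelineno-9-12" name="__codelineno-9-12"></a><a href="#__codelineno-9-12"><span class="linenos" data-linenos="12 "></span></a><span class="c1"># Signing profile for the cluster certificate. Files are written with sudo tee: a plain shell redirection does not run as root.</span>
<a id="__codelineno-9-13" name="__codelineno-9-13"></a><a href="#__codelineno-9-13"><span class="linenos" data-linenos="13 "></span></a>sudo tee config.json &gt;/dev/null <span class="s">&lt;&lt;-&#39;EOF&#39;</span>
<a id="__codelineno-9-14" name="__codelineno-9-14"></a><a href="#__codelineno-9-14"><span class="linenos" data-linenos="14 "></span></a><span class="s">{&quot;signing&quot;:{&quot;default&quot;:{&quot;expiry&quot;:&quot;87600h&quot;},&quot;profiles&quot;:{&quot;k8s-cluster-t1&quot;:{&quot;usages&quot;:[&quot;signing&quot;,&quot;key encipherment&quot;,&quot;server auth&quot;,&quot;client auth&quot;],&quot;expiry&quot;:&quot;87600h&quot;}}}}</span>
<a id="__codelineno-9-15" name="__codelineno-9-15"></a><a href="#__codelineno-9-15"><span class="linenos" data-linenos="15 "></span></a><span class="s">EOF</span>
<a id="__codelineno-9-16" name="__codelineno-9-16"></a><a href="#__codelineno-9-16"><span class="linenos" data-linenos="16 "></span></a>
<a id="__codelineno-9-17" name="__codelineno-9-17"></a><a href="#__codelineno-9-17"><span class="linenos" data-linenos="17 "></span></a><span class="c1"># CA certificate signing request config.</span>
<a id="__codelineno-9-18" name="__codelineno-9-18"></a><a href="#__codelineno-9-18"><span class="linenos" data-linenos="18 "></span></a>sudo tee ca-csr.json &gt;/dev/null <span class="s">&lt;&lt;-&#39;EOF&#39;</span>
<a id="__codelineno-9-19" name="__codelineno-9-19"></a><a href="#__codelineno-9-19"><span class="linenos" data-linenos="19 "></span></a><span class="s">{&quot;CN&quot;:&quot;WL4G Root CA cert issuer&quot;,&quot;CA&quot;:{&quot;expiry&quot;:&quot;87600h&quot;,&quot;pathlen&quot;:0},&quot;key&quot;:{&quot;algo&quot;:&quot;rsa&quot;,&quot;size&quot;:2048},&quot;names&quot;:[{&quot;C&quot;:&quot;US&quot;,&quot;L&quot;:&quot;San Francisco 12th street&quot;,&quot;O&quot;:&quot;WL4G company, Inc.&quot;,&quot;OU&quot;:&quot;www dept&quot;,&quot;ST&quot;:&quot;California&quot;}]}</span>
<a id="__codelineno-9-20" name="__codelineno-9-20"></a><a href="#__codelineno-9-20"><span class="linenos" data-linenos="20 "></span></a><span class="s">EOF</span>
<a id="__codelineno-9-21" name="__codelineno-9-21"></a><a href="#__codelineno-9-21"><span class="linenos" data-linenos="21 "></span></a>
<a id="__codelineno-9-22" name="__codelineno-9-22"></a><a href="#__codelineno-9-22"><span class="linenos" data-linenos="22 "></span></a><span class="c1"># Cluster certificate signing request config. hosts must be bare IPs or DNS names: an entry carrying an https:// scheme is not a DNS name that TLS clients can match.</span>
<a id="__codelineno-9-23" name="__codelineno-9-23"></a><a href="#__codelineno-9-23"><span class="linenos" data-linenos="23 "></span></a>sudo tee k8s-csr.json &gt;/dev/null <span class="s">&lt;&lt;-&#39;EOF&#39;</span>
<a id="__codelineno-9-24" name="__codelineno-9-24"></a><a href="#__codelineno-9-24"><span class="linenos" data-linenos="24 "></span></a><span class="s">{&quot;hosts&quot;:[&quot;10.0.0.121&quot;,&quot;10.0.0.122&quot;,&quot;10.0.0.123&quot;,&quot;k8s-master-1&quot;,&quot;k8s-master-2&quot;,&quot;k8s-master-3&quot;,&quot;k8s.wl4gcs.com&quot;,&quot;n1.k8s.wl4gcs.com&quot;,&quot;n2.k8s.wl4gcs.com&quot;,&quot;n3.k8s.wl4gcs.com&quot;,&quot;127.0.0.1&quot;],&quot;CN&quot;:&quot;wl4g.com&quot;,&quot;key&quot;:{&quot;algo&quot;:&quot;rsa&quot;,&quot;size&quot;:2048},&quot;names&quot;:[{&quot;C&quot;:&quot;CN&quot;,&quot;L&quot;:&quot;GuangZhou 6th street&quot;,&quot;O&quot;:&quot;SM, Inc.&quot;,&quot;OU&quot;:&quot;WWW dept&quot;,&quot;ST&quot;:&quot;GuangDong&quot;}]}</span>
<a id="__codelineno-9-25" name="__codelineno-9-25"></a><a href="#__codelineno-9-25"><span class="linenos" data-linenos="25 "></span></a><span class="s">EOF</span>
<a id="__codelineno-9-26" name="__codelineno-9-26"></a><a href="#__codelineno-9-26"><span class="linenos" data-linenos="26 "></span></a>
<a id="__codelineno-9-27" name="__codelineno-9-27"></a><a href="#__codelineno-9-27"><span class="linenos" data-linenos="27 "></span></a><span class="c1"># Generate the CA certificate and key (ca.pem, ca-key.pem); cfssljson also runs under sudo because it writes into this root-owned directory.</span>
<a id="__codelineno-9-28" name="__codelineno-9-28"></a><a href="#__codelineno-9-28"><span class="linenos" data-linenos="28 "></span></a>sudo cfssl genkey -initca ca-csr.json <span class="p">|</span> sudo cfssljson -bare ca
<a id="__codelineno-9-29" name="__codelineno-9-29"></a><a href="#__codelineno-9-29"><span class="linenos" data-linenos="29 "></span></a>
<a id="__codelineno-9-30" name="__codelineno-9-30"></a><a href="#__codelineno-9-30"><span class="linenos" data-linenos="30 "></span></a><span class="c1"># Generate the cluster certificate and key (k8s.pem, k8s-key.pem), signed by the CA above.</span>
<a id="__codelineno-9-31" name="__codelineno-9-31"></a><a href="#__codelineno-9-31"><span class="linenos" data-linenos="31 "></span></a>sudo cfssl gencert -ca<span class="o">=</span>ca.pem -ca-key<span class="o">=</span>ca-key.pem -config<span class="o">=</span>config.json -profile<span class="o">=</span>k8s-cluster-t1 k8s-csr.json <span class="p">|</span> sudo cfssljson -bare k8s
<a id="__codelineno-9-32" name="__codelineno-9-32"></a><a href="#__codelineno-9-32"><span class="linenos" data-linenos="32 "></span></a>
<a id="__codelineno-9-33" name="__codelineno-9-33"></a><a href="#__codelineno-9-33"><span class="linenos" data-linenos="33 "></span></a><span class="c1"># Print the CA and cluster certificates (k8s-key.pem is a private key, so openssl x509 cannot read it).</span>
<a id="__codelineno-9-34" name="__codelineno-9-34"></a><a href="#__codelineno-9-34"><span class="linenos" data-linenos="34 "></span></a>sudo openssl x509 -in ca.pem -noout -text
<a id="__codelineno-9-35" name="__codelineno-9-35"></a><a href="#__codelineno-9-35"><span class="linenos" data-linenos="35 "></span></a>sudo openssl x509 -in k8s.pem -noout -text
<a id="__codelineno-9-36" name="__codelineno-9-36"></a><a href="#__codelineno-9-36"><span class="linenos" data-linenos="36 "></span></a>
<a id="__codelineno-9-37" name="__codelineno-9-37"></a><a href="#__codelineno-9-37"><span class="linenos" data-linenos="37 "></span></a><span class="c1"># Copy the directory to the other master nodes (kube-controller-manager there reads ca-key.pem via --cluster-signing-key-file).</span>
<a id="__codelineno-9-38" name="__codelineno-9-38"></a><a href="#__codelineno-9-38"><span class="linenos" data-linenos="38 "></span></a>sudo scp -r  /etc/kubernetes/ssl k8s-master-2:/etc/kubernetes
<a id="__codelineno-9-39" name="__codelineno-9-39"></a><a href="#__codelineno-9-39"><span class="linenos" data-linenos="39 "></span></a>sudo scp -r  /etc/kubernetes/ssl k8s-master-3:/etc/kubernetes
<a id="__codelineno-9-40" name="__codelineno-9-40"></a><a href="#__codelineno-9-40"><span class="linenos" data-linenos="40 "></span></a><span class="c1"># The worker gets only the files the kubelet unit references; the CA private key (ca-key.pem) stays on the masters.</span>
<a id="__codelineno-9-41" name="__codelineno-9-41"></a><a href="#__codelineno-9-41"><span class="linenos" data-linenos="41 "></span></a>sudo ssh k8s-worker-1 mkdir -p /etc/kubernetes/ssl
<a id="__codelineno-9-42" name="__codelineno-9-42"></a><a href="#__codelineno-9-42"><span class="linenos" data-linenos="42 "></span></a>sudo scp /etc/kubernetes/ssl/ca.pem /etc/kubernetes/ssl/k8s.pem /etc/kubernetes/ssl/k8s-key.pem k8s-worker-1:/etc/kubernetes/ssl/
</code></pre></div>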
<h4 id="2112-kubelet-systemd">2.11.2 配置 <code>kubelet</code> systemd<a class="headerlink" href="#2112-kubelet-systemd" title="Permanent link">&para;</a></h4>
<ul>
<li>/etc/systemd/system/kubelet.service</li>
</ul>
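<div class="highlight"><pre><span></span><code><a id="__codelineno-10-1" name="__codelineno-10-1"></a><a href="#__codelineno-10-1"><span class="linenos" data-linenos=" 1 "></span></a><span class="c1"># Write the kubelet systemd unit, then enable and start the service.</span>
<a id="__codelineno-10-2" name="__codelineno-10-2"></a><a href="#__codelineno-10-2"><span class="linenos" data-linenos=" 2 "></span></a><span class="c1"># The unit is written with sudo tee: in `sudo cat ... &gt; file` the redirection is performed by the calling shell, not by sudo.</span>
<a id="__codelineno-10-3" name="__codelineno-10-3"></a><a href="#__codelineno-10-3"><span class="linenos" data-linenos=" 3 "></span></a><span class="c1"># --anonymous-auth=false, --client-ca-file and --authorization-mode=Webhook are what keep the kubelet API authenticated and authorized; do not relax them.</span>
<a id="__codelineno-10-4" name="__codelineno-10-4"></a><a href="#__codelineno-10-4"><span class="linenos" data-linenos=" 4 "></span></a><span class="c1"># NOTE(review): as written, every node serves with the same k8s.pem / k8s-key.pem, so one compromised node exposes the key used by all; consider per-node serving certificates.</span>
<a id="__codelineno-10-5" name="__codelineno-10-5"></a><a href="#__codelineno-10-5"><span class="linenos" data-linenos=" 5 "></span></a><span class="c1"># NOTE(review): the two TLS_RSA_* cipher suites provide no forward secrecy; drop them if every client supports the ECDHE suites.</span>
<a id="__codelineno-10-6" name="__codelineno-10-6"></a><a href="#__codelineno-10-6"><span class="linenos" data-linenos=" 6 "></span></a><span class="c1"># NOTE(review): --cluster-dns=191.168.0.10 lies outside the 10.x ranges used elsewhere on this page; confirm the address is intended.</span>
<a id="__codelineno-10-7" name="__codelineno-10-7"></a><a href="#__codelineno-10-7"><span class="linenos" data-linenos=" 7 "></span></a><span class="c1"># NOTE(review): --hostname-override embeds 10.0.0.121; presumably it has to be adjusted on each node.</span>
<a id="__codelineno-10-8" name="__codelineno-10-8"></a><a href="#__codelineno-10-8"><span class="linenos" data-linenos=" 8 "></span></a>sudo tee /etc/systemd/system/kubelet.service &gt;/dev/null <span class="s">&lt;&lt;-&#39;EOF&#39;</span>
<a id="__codelineno-10-9" name="__codelineno-10-9"></a><a href="#__codelineno-10-9"><span class="linenos" data-linenos=" 9 "></span></a><span class="s">[Unit]</span>
<a id="__codelineno-10-10" name="__codelineno-10-10"></a><a href="#__codelineno-10-10"><span class="linenos" data-linenos="10 "></span></a><span class="s">Description=Kubernetes Kubelet</span>
<a id="__codelineno-10-11" name="__codelineno-10-11"></a><a href="#__codelineno-10-11"><span class="linenos" data-linenos="11 "></span></a><span class="s">Documentation=https://v1-21.docs.kubernetes.io/zh/docs/reference/command-line-tools-reference/kubelet/</span>
<a id="__codelineno-10-12" name="__codelineno-10-12"></a><a href="#__codelineno-10-12"><span class="linenos" data-linenos="12 "></span></a><span class="s">After=network.target</span>
<a id="__codelineno-10-13" name="__codelineno-10-13"></a><a href="#__codelineno-10-13"><span class="linenos" data-linenos="13 "></span></a>
<a id="__codelineno-10-14" name="__codelineno-10-14"></a><a href="#__codelineno-10-14"><span class="linenos" data-linenos="14 "></span></a><span class="s">[Service]</span>
<a id="__codelineno-10-15" name="__codelineno-10-15"></a><a href="#__codelineno-10-15"><span class="linenos" data-linenos="15 "></span></a><span class="s">ExecStart=/usr/bin/kubelet \</span>
<a id="__codelineno-10-16" name="__codelineno-10-16"></a><a href="#__codelineno-10-16"><span class="linenos" data-linenos="16 "></span></a><span class="s">--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \</span>
<a id="__codelineno-10-17" name="__codelineno-10-17"></a><a href="#__codelineno-10-17"><span class="linenos" data-linenos="17 "></span></a><span class="s">--kubeconfig=/etc/kubernetes/kubelet.conf \</span>
<a id="__codelineno-10-18" name="__codelineno-10-18"></a><a href="#__codelineno-10-18"><span class="linenos" data-linenos="18 "></span></a><span class="s">--max-pods 64 \</span>
<a id="__codelineno-10-19" name="__codelineno-10-19"></a><a href="#__codelineno-10-19"><span class="linenos" data-linenos="19 "></span></a><span class="s">--pod-max-pids 16384 \</span>
<a id="__codelineno-10-20" name="__codelineno-10-20"></a><a href="#__codelineno-10-20"><span class="linenos" data-linenos="20 "></span></a><span class="s">--pod-manifest-path=/etc/kubernetes/manifests \</span>
<a id="__codelineno-10-21" name="__codelineno-10-21"></a><a href="#__codelineno-10-21"><span class="linenos" data-linenos="21 "></span></a><span class="s">--network-plugin=cni \</span>
<a id="__codelineno-10-22" name="__codelineno-10-22"></a><a href="#__codelineno-10-22"><span class="linenos" data-linenos="22 "></span></a><span class="s">--cni-conf-dir=/etc/cni/net.d \</span>
<a id="__codelineno-10-23" name="__codelineno-10-23"></a><a href="#__codelineno-10-23"><span class="linenos" data-linenos="23 "></span></a><span class="s">--cni-bin-dir=/opt/cni/bin \</span>
<a id="__codelineno-10-24" name="__codelineno-10-24"></a><a href="#__codelineno-10-24"><span class="linenos" data-linenos="24 "></span></a><span class="s">--dynamic-config-dir=/etc/kubernetes/kubelet-config \</span>
<a id="__codelineno-10-25" name="__codelineno-10-25"></a><a href="#__codelineno-10-25"><span class="linenos" data-linenos="25 "></span></a><span class="s">--enable-controller-attach-detach=true \</span>
<a id="__codelineno-10-26" name="__codelineno-10-26"></a><a href="#__codelineno-10-26"><span class="linenos" data-linenos="26 "></span></a><span class="s">--cluster-dns=191.168.0.10 \</span>
<a id="__codelineno-10-27" name="__codelineno-10-27"></a><a href="#__codelineno-10-27"><span class="linenos" data-linenos="27 "></span></a><span class="s">--pod-infra-container-image=gcr.io/pause:3.5 \</span>
<a id="__codelineno-10-28" name="__codelineno-10-28"></a><a href="#__codelineno-10-28"><span class="linenos" data-linenos="28 "></span></a><span class="s">--enable-load-reader \</span>
<a id="__codelineno-10-29" name="__codelineno-10-29"></a><a href="#__codelineno-10-29"><span class="linenos" data-linenos="29 "></span></a><span class="s">--cluster-domain=cluster.local \</span>
<a id="__codelineno-10-30" name="__codelineno-10-30"></a><a href="#__codelineno-10-30"><span class="linenos" data-linenos="30 "></span></a><span class="s">--hostname-override=cn-south1-k8s-t1.10.0.0.121 \</span>
<a id="__codelineno-10-31" name="__codelineno-10-31"></a><a href="#__codelineno-10-31"><span class="linenos" data-linenos="31 "></span></a><span class="s">--authorization-mode=Webhook \</span>
<a id="__codelineno-10-32" name="__codelineno-10-32"></a><a href="#__codelineno-10-32"><span class="linenos" data-linenos="32 "></span></a><span class="s">--authentication-token-webhook=true \</span>
<a id="__codelineno-10-33" name="__codelineno-10-33"></a><a href="#__codelineno-10-33"><span class="linenos" data-linenos="33 "></span></a><span class="s">--anonymous-auth=false \</span>
<a id="__codelineno-10-34" name="__codelineno-10-34"></a><a href="#__codelineno-10-34"><span class="linenos" data-linenos="34 "></span></a><span class="s">--client-ca-file=/etc/kubernetes/ssl/ca.pem \</span>
<a id="__codelineno-10-35" name="__codelineno-10-35"></a><a href="#__codelineno-10-35"><span class="linenos" data-linenos="35 "></span></a><span class="s">--cgroup-driver=systemd \</span>
<a id="__codelineno-10-36" name="__codelineno-10-36"></a><a href="#__codelineno-10-36"><span class="linenos" data-linenos="36 "></span></a><span class="s">--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256 \</span>
<a id="__codelineno-10-37" name="__codelineno-10-37"></a><a href="#__codelineno-10-37"><span class="linenos" data-linenos="37 "></span></a><span class="s">--tls-cert-file=/etc/kubernetes/ssl/k8s.pem \</span>
<a id="__codelineno-10-38" name="__codelineno-10-38"></a><a href="#__codelineno-10-38"><span class="linenos" data-linenos="38 "></span></a><span class="s">--tls-private-key-file=/etc/kubernetes/ssl/k8s-key.pem \</span>
<a id="__codelineno-10-39" name="__codelineno-10-39"></a><a href="#__codelineno-10-39"><span class="linenos" data-linenos="39 "></span></a><span class="s">--rotate-certificates=true \</span>
<a id="__codelineno-10-40" name="__codelineno-10-40"></a><a href="#__codelineno-10-40"><span class="linenos" data-linenos="40 "></span></a><span class="s">--cert-dir=/etc/kubernetes/ssl/kubelet \</span>
<a id="__codelineno-10-41" name="__codelineno-10-41"></a><a href="#__codelineno-10-41"><span class="linenos" data-linenos="41 "></span></a><span class="s">--system-reserved=memory=300Mi \</span>
<a id="__codelineno-10-42" name="__codelineno-10-42"></a><a href="#__codelineno-10-42"><span class="linenos" data-linenos="42 "></span></a><span class="s">--kube-reserved=memory=400Mi \</span>
<a id="__codelineno-10-43" name="__codelineno-10-43"></a><a href="#__codelineno-10-43"><span class="linenos" data-linenos="43 "></span></a><span class="s">--kube-reserved=pid=1000 \</span>
<a id="__codelineno-10-44" name="__codelineno-10-44"></a><a href="#__codelineno-10-44"><span class="linenos" data-linenos="44 "></span></a><span class="s">--system-reserved=pid=1000 \</span>
<a id="__codelineno-10-45" name="__codelineno-10-45"></a><a href="#__codelineno-10-45"><span class="linenos" data-linenos="45 "></span></a><span class="s">--v=3</span>
<a id="__codelineno-10-46" name="__codelineno-10-46"></a><a href="#__codelineno-10-46"><span class="linenos" data-linenos="46 "></span></a>
<a id="__codelineno-10-47" name="__codelineno-10-47"></a><a href="#__codelineno-10-47"><span class="linenos" data-linenos="47 "></span></a><span class="s">User=root</span>
<a id="__codelineno-10-48" name="__codelineno-10-48"></a><a href="#__codelineno-10-48"><span class="linenos" data-linenos="48 "></span></a><span class="s">Group=root</span>
<a id="__codelineno-10-49" name="__codelineno-10-49"></a><a href="#__codelineno-10-49"><span class="linenos" data-linenos="49 "></span></a><span class="s">Restart=always</span>
<a id="__codelineno-10-50" name="__codelineno-10-50"></a><a href="#__codelineno-10-50"><span class="linenos" data-linenos="50 "></span></a><span class="s">RestartSec=5</span>
<a id="__codelineno-10-51" name="__codelineno-10-51"></a><a href="#__codelineno-10-51"><span class="linenos" data-linenos="51 "></span></a><span class="s">Type=notify</span>
<a id="__codelineno-10-52" name="__codelineno-10-52"></a><a href="#__codelineno-10-52"><span class="linenos" data-linenos="52 "></span></a><span class="s">LimitNOFILE=65536</span>
<a id="__codelineno-10-53" name="__codelineno-10-53"></a><a href="#__codelineno-10-53"><span class="linenos" data-linenos="53 "></span></a>
<a id="__codelineno-10-54" name="__codelineno-10-54"></a><a href="#__codelineno-10-54"><span class="linenos" data-linenos="54 "></span></a><span class="s">[Install]</span>
<a id="__codelineno-10-55" name="__codelineno-10-55"></a><a href="#__codelineno-10-55"><span class="linenos" data-linenos="55 "></span></a><span class="s">WantedBy=multi-user.target</span>
<a id="__codelineno-10-56" name="__codelineno-10-56"></a><a href="#__codelineno-10-56"><span class="linenos" data-linenos="56 "></span></a><span class="s">EOF</span>
<a id="__codelineno-10-57" name="__codelineno-10-57"></a><a href="#__codelineno-10-57"><span class="linenos" data-linenos="57 "></span></a>
<a id="__codelineno-10-58" name="__codelineno-10-58"></a><a href="#__codelineno-10-58"><span class="linenos" data-linenos="58 "></span></a>sudo systemctl daemon-reload
<a id="__codelineno-10-59" name="__codelineno-10-59"></a><a href="#__codelineno-10-59"><span class="linenos" data-linenos="59 "></span></a>sudo systemctl <span class="nb">enable</span> kubelet
<a id="__codelineno-10-60" name="__codelineno-10-60"></a><a href="#__codelineno-10-60"><span class="linenos" data-linenos="60 "></span></a>sudo systemctl restart kubelet
<a id="__codelineno-10-61" name="__codelineno-10-61"></a><a href="#__codelineno-10-61"><span class="linenos" data-linenos="61 "></span></a>sudo systemctl status kubelet
</code></pre></div>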
<h3 id="212-kube-proxy">2.12 各节点部署 <code>kube-proxy</code><a class="headerlink" href="#212-kube-proxy" title="Permanent link">&para;</a></h3>
<h4 id="2121-kube-proxy-systemd">2.12.1 配置 <code>kube-proxy</code> systemd<a class="headerlink" href="#2121-kube-proxy-systemd" title="Permanent link">&para;</a></h4>
<ul>
<li>/etc/systemd/system/kube-proxy.service</li>
</ul>
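<div class="highlight"><pre><span></span><code><a id="__codelineno-11-1" name="__codelineno-11-1"></a><a href="#__codelineno-11-1"><span class="linenos" data-linenos=" 1 "></span></a><span class="c1"># Install the kube-proxy systemd unit on this node, then enable and start the service.</span>
<a id="__codelineno-11-2" name="__codelineno-11-2"></a><a href="#__codelineno-11-2"><span class="linenos" data-linenos=" 2 "></span></a><span class="c1"># With &#39;sudo cat ... &gt; file&#39; the redirect is opened by the calling, unprivileged shell; &#39;sudo tee&#39; writes the file as root.</span>
<a id="__codelineno-11-3" name="__codelineno-11-3"></a><a href="#__codelineno-11-3"><span class="linenos" data-linenos=" 3 "></span></a>sudo tee /etc/systemd/system/kube-proxy.service &gt;/dev/null <span class="s">&lt;&lt;-&#39;EOF&#39;</span>
<a id="__codelineno-11-4" name="__codelineno-11-4"></a><a href="#__codelineno-11-4"><span class="linenos" data-linenos=" 4 "></span></a><span class="s">[Unit]</span>
<a id="__codelineno-11-5" name="__codelineno-11-5"></a><a href="#__codelineno-11-5"><span class="linenos" data-linenos=" 5 "></span></a><span class="s">Description=Kubernetes Proxy</span>
<a id="__codelineno-11-6" name="__codelineno-11-6"></a><a href="#__codelineno-11-6"><span class="linenos" data-linenos=" 6 "></span></a><span class="s">Documentation=https://v1-21.docs.kubernetes.io/zh/docs/reference/command-line-tools-reference/kube-proxy/</span>
<a id="__codelineno-11-7" name="__codelineno-11-7"></a><a href="#__codelineno-11-7"><span class="linenos" data-linenos=" 7 "></span></a><span class="s">After=network.target</span>
<a id="__codelineno-11-8" name="__codelineno-11-8"></a><a href="#__codelineno-11-8"><span class="linenos" data-linenos=" 8 "></span></a>
<a id="__codelineno-11-9" name="__codelineno-11-9"></a><a href="#__codelineno-11-9"><span class="linenos" data-linenos=" 9 "></span></a><span class="s">[Service]</span>
<a id="__codelineno-11-10" name="__codelineno-11-10"></a><a href="#__codelineno-11-10"><span class="linenos" data-linenos="10 "></span></a><span class="s">ExecStart=/usr/bin/kube-proxy \</span>
<a id="__codelineno-11-11" name="__codelineno-11-11"></a><a href="#__codelineno-11-11"><span class="linenos" data-linenos="11 "></span></a><span class="s">  --bind-address=10.0.0.121 \</span>
<a id="__codelineno-11-12" name="__codelineno-11-12"></a><a href="#__codelineno-11-12"><span class="linenos" data-linenos="12 "></span></a><span class="s">  --hostname-override=cn-south1-k8s-t1.10.0.0.121 \</span>
<a id="__codelineno-11-13" name="__codelineno-11-13"></a><a href="#__codelineno-11-13"><span class="linenos" data-linenos="13 "></span></a><span class="s">  --cluster-cidr=10.254.0.0/16 \</span>
<a id="__codelineno-11-14" name="__codelineno-11-14"></a><a href="#__codelineno-11-14"><span class="linenos" data-linenos="14 "></span></a><span class="s">  --kubeconfig=/etc/kubernetes/kube-proxy.kubeconfig \</span>
<a id="__codelineno-11-15" name="__codelineno-11-15"></a><a href="#__codelineno-11-15"><span class="linenos" data-linenos="15 "></span></a><span class="s">  --logtostderr=true \</span>
<a id="__codelineno-11-16" name="__codelineno-11-16"></a><a href="#__codelineno-11-16"><span class="linenos" data-linenos="16 "></span></a><span class="s">  --v=3</span>
<a id="__codelineno-11-17" name="__codelineno-11-17"></a><a href="#__codelineno-11-17"><span class="linenos" data-linenos="17 "></span></a>
<a id="__codelineno-11-18" name="__codelineno-11-18"></a><a href="#__codelineno-11-18"><span class="linenos" data-linenos="18 "></span></a><span class="s">User=root</span>
<a id="__codelineno-11-19" name="__codelineno-11-19"></a><a href="#__codelineno-11-19"><span class="linenos" data-linenos="19 "></span></a><span class="s">Group=root</span>
<a id="__codelineno-11-20" name="__codelineno-11-20"></a><a href="#__codelineno-11-20"><span class="linenos" data-linenos="20 "></span></a><span class="s">Restart=always</span>
<a id="__codelineno-11-21" name="__codelineno-11-21"></a><a href="#__codelineno-11-21"><span class="linenos" data-linenos="21 "></span></a><span class="s">RestartSec=5</span>
<a id="__codelineno-11-22" name="__codelineno-11-22"></a><a href="#__codelineno-11-22"><span class="linenos" data-linenos="22 "></span></a><span class="s">Type=notify</span>
<a id="__codelineno-11-23" name="__codelineno-11-23"></a><a href="#__codelineno-11-23"><span class="linenos" data-linenos="23 "></span></a><span class="s">LimitNOFILE=65536</span>
<a id="__codelineno-11-24" name="__codelineno-11-24"></a><a href="#__codelineno-11-24"><span class="linenos" data-linenos="24 "></span></a>
<a id="__codelineno-11-25" name="__codelineno-11-25"></a><a href="#__codelineno-11-25"><span class="linenos" data-linenos="25 "></span></a><span class="s">[Install]</span>
<a id="__codelineno-11-26" name="__codelineno-11-26"></a><a href="#__codelineno-11-26"><span class="linenos" data-linenos="26 "></span></a><span class="s">WantedBy=multi-user.target</span>
<a id="__codelineno-11-27" name="__codelineno-11-27"></a><a href="#__codelineno-11-27"><span class="linenos" data-linenos="27 "></span></a><span class="s">EOF</span>
<a id="__codelineno-11-28" name="__codelineno-11-28"></a><a href="#__codelineno-11-28"><span class="linenos" data-linenos="28 "></span></a>
<a id="__codelineno-11-29" name="__codelineno-11-29"></a><a href="#__codelineno-11-29"><span class="linenos" data-linenos="29 "></span></a><span class="c1"># NOTE(review): Type=notify only works if the daemon reports READY=1 through sd_notify; confirm this kube-proxy build does, otherwise systemd times out the start and Restart=always keeps restarting it.</span>
<a id="__codelineno-11-30" name="__codelineno-11-30"></a><a href="#__codelineno-11-30"><span class="linenos" data-linenos="30 "></span></a><span class="c1"># The kubeconfig typically embeds the client credentials kube-proxy uses against the API server; the unit runs as root, so only root needs to read it.</span>
<a id="__codelineno-11-31" name="__codelineno-11-31"></a><a href="#__codelineno-11-31"><span class="linenos" data-linenos="31 "></span></a>sudo chown root:root /etc/kubernetes/kube-proxy.kubeconfig
<a id="__codelineno-11-32" name="__codelineno-11-32"></a><a href="#__codelineno-11-32"><span class="linenos" data-linenos="32 "></span></a>sudo chmod <span class="m">600</span> /etc/kubernetes/kube-proxy.kubeconfig
<a id="__codelineno-11-33" name="__codelineno-11-33"></a><a href="#__codelineno-11-33"><span class="linenos" data-linenos="33 "></span></a>
<a id="__codelineno-11-34" name="__codelineno-11-34"></a><a href="#__codelineno-11-34"><span class="linenos" data-linenos="34 "></span></a><span class="c1"># Make systemd pick up the new unit, start it at boot, (re)start it now and show its state.</span>
<a id="__codelineno-11-35" name="__codelineno-11-35"></a><a href="#__codelineno-11-35"><span class="linenos" data-linenos="35 "></span></a>sudo systemctl daemon-reload
<a id="__codelineno-11-36" name="__codelineno-11-36"></a><a href="#__codelineno-11-36"><span class="linenos" data-linenos="36 "></span></a>sudo systemctl <span class="nb">enable</span> kube-proxy
<a id="__codelineno-11-37" name="__codelineno-11-37"></a><a href="#__codelineno-11-37"><span class="linenos" data-linenos="37 "></span></a>sudo systemctl restart kube-proxy
<a id="__codelineno-11-38" name="__codelineno-11-38"></a><a href="#__codelineno-11-38"><span class="linenos" data-linenos="38 "></span></a>sudo systemctl status kube-proxy
</code></pre></div>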
<h3 id="213-calico">2.13 各节点部署 <code>calico</code><a class="headerlink" href="#213-calico" title="Permanent link">&para;</a></h3>
<h4 id="2131-calico-systemd">2.13.1 配置 <code>calico</code> systemd<a class="headerlink" href="#2131-calico-systemd" title="Permanent link">&para;</a></h4>
<p>TODO</p>
<h2 id="3-istio">3. Istio 生产组件部署<a class="headerlink" href="#3-istio" title="Permanent link">&para;</a></h2>
<p>TODO</p>
<h2 id="4-faq">4. FAQ<a class="headerlink" href="#4-faq" title="Permanent link">&para;</a></h2>
<ul>
<li>How do I view the Kubernetes data stored in etcd?</li>
</ul>
<div class="highlight"><pre><span></span><code><a id="__codelineno-12-1" name="__codelineno-12-1"></a><a href="#__codelineno-12-1"><span class="linenos" data-linenos="1 "></span></a><span class="c1"># List every key stored in etcd (key names only, no values).</span>
<a id="__codelineno-12-2" name="__codelineno-12-2"></a><a href="#__codelineno-12-2"><span class="linenos" data-linenos="2 "></span></a>etcdctl get / --prefix --keys-only
<a id="__codelineno-12-3" name="__codelineno-12-3"></a><a href="#__codelineno-12-3"><span class="linenos" data-linenos="3 "></span></a>
<a id="__codelineno-12-4" name="__codelineno-12-4"></a><a href="#__codelineno-12-4"><span class="linenos" data-linenos="4 "></span></a><span class="c1"># Read the system:node ClusterRole stored under the cn-south1-k8s-t1 prefix, printed hex-encoded. NOTE(review): reads made directly against etcd are not subject to Kubernetes RBAC, and values may be stored unencrypted; restrict who holds the etcd client credentials.</span>
<a id="__codelineno-12-5" name="__codelineno-12-5"></a><a href="#__codelineno-12-5"><span class="linenos" data-linenos="5 "></span></a>etcdctl get /cn-south1-k8s-t1/clusterroles/system:node --hex
<a id="__codelineno-12-6" name="__codelineno-12-6"></a><a href="#__codelineno-12-6"><span class="linenos" data-linenos="6 "></span></a>
<a id="__codelineno-12-7" name="__codelineno-12-7"></a><a href="#__codelineno-12-7"><span class="linenos" data-linenos="7 "></span></a><span class="c1"># Delete ALL Kubernetes data stored under the cn-south1-k8s-t1 prefix. Irreversible: take a snapshot (etcdctl snapshot save) first. The command is kept commented out.</span>
<a id="__codelineno-12-8" name="__codelineno-12-8"></a><a href="#__codelineno-12-8"><span class="linenos" data-linenos="8 "></span></a><span class="c1">#etcdctl del --prefix /cn-south1-k8s-t1</span>
</code></pre></div>

              
            </article>
          </div>
        </div>
        
      </main>
      
      
    </div>
    
  </body>
</html>